CVE-2026-44600

Published May 7, 2026

Last updated 18 days ago

CVSS low 3.7

Overview

Description
Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010.
Source
cve@mitre.org
NVD status
Analyzed
Products
tor

Risk scores

CVSS 3.1

Type
Primary
Base score
5.3
Impact score
1.4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Severity
MEDIUM

Weaknesses

cve@mitre.org
CWE-696

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.CVE-2026-44603
  2. Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.CVE-2026-44601
  3. Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006.CVE-2026-44602
  4. Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.CVE-2026-44599
  5. Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.CVE-2026-44597

References

Sources include official advisories and independent security research.